Group items tagged

"Encrypting View State Although MAC encoding helps prevent tampering with view state data, it does not prevent users from viewing the data. You can prevent people from viewing this data in two ways: by transmitting the page over SSL, and by encrypting the view state data. Requiring the page to be sent over SSL can help prevent data-packet sniffing and unauthorized data access by people who are not the intended recipients of the page. However, the user who requested the page can still view the view state data because SSL decrypts the page to display it in the browser. This is fine if you are not concerned about authorized users having access to view state data. However, in some cases, controls might use view state to store information that no users should have access to. For example, the page might contain a data-bound control that stores item identifiers (data keys) in view state. If those identifiers contain sensitive data, such as customer IDs, you should encrypt the view state data in addition to or instead of sending the page over SSL. To encrypt the data, set the page's ViewStateEncryptionMode property to true. If you store information in view state, you can use regular read and write techniques; the page handles all encryption and decryption for you. Encrypting view state data can affect the performance of your application. Therefore, do not use encryption unless you need it. Control State Encryption Controls that use control state can require that view state be encrypted by calling the RegisterRequiresViewStateEncryption method. If any control in the page requires that view state be encrypted, all view state in the page will be encrypted. Per-user View State Encoding If a Web site authenticates users, you can set the ViewStateUserKey property in the Page_Init event handler to associate the page's view state with a specific user. This helps prevent one-click attacks, in which a malicious user creates a valid, pre-filled Web page with view state from a pre

"The Controls Collection Cannot Be Modified Because the Control Contains Code Blocks"

"[How Do I:] Use the ASP.NET AJAX History Control?"

A fix to a common problem when adding to the dynamically

"How To Use Control Alt Delete in Remote Desktop"

How can I delete a failed Domain Controller object from Active Directory? When you try to remove a domain controller from your Active Directory domain by

"Cross Site Request Forgery (CSRF) This article assumes you already understand what CSRF is and how it works. If you don't, do a quick Google search and it will clear it up. CSRF can be done using POST or GET, but GET is much easier to implement. By default, ASP.Net forms and other functionality work via the POST method. If we could submit a GET instead of a POST it would open up the attack surface a great deal. No longer do we need someone to visit a page with a form on it, but we could actually embed the GET request (a link) in emails or other medium. Fortunately for the attacker, unfortunately for the developer, .Net uses Value Shadowing for its controls. This means all server side controls, ie. Viewstate, EventValidation, EventCommand, EventArguments, etc.. It is possible to take the values that would be submitted as part of the form and just add them to the Querystring instead. Now there is a GET request that is comparable to the POST request. ASP.Net Webforms does not check whether a post back comes from GET or POST. The one thing to keep in mind is that the URL in a GET is limited in size. If the form is large and the viewstate is very large, this could block this technique from working. This depends on the way the application is configured (more later)."

ASP.NET Controls For All Of The jQuery UI Widgets

"Restoring a Domain Controller Through Reinstallation and Subsequent Restore from Backup"

"Things to consider when you host Active Directory domain controllers in virtual hosting environments"

.NET controls similar to Telerik

"Controlling access to scripts in a host web page"

Tooltipsy gives you complete control over the CSS, animation, and position.

image upload user control

File Manager control for ASP.NET 2

The Sitecore Social Connected module contains several independent tools: Social Connector allows website visitors to log in your website using credentials from their social network accounts. Your website receives more information about the visitor from the social network profile. You can use it to personalize the website. Social Publishing allows posting automatic updates to the social networks along with publishing Sitecore items. Putting Like and Tweet buttons on the webpage. You can put the buttons as Sitecore controls and track users' activity using Sitecore analytics.

"ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter"

A new tool called Sitecore Rocks has been released in a CTP (Community Technology Preview) version - a early sneak peek. The tool, although a little rough around the edges, really shows a bright new future for Sitecore development, a future where we as developers do not need to muck about with browsers interfaces, only to connect our code, .NET pages and user controls into Sitecore. Now we can stay within in the tool we use and like, Visual Studio.

bxCarousel is an advanced, yet easy to use jQuery carousel plugin. Features: - specify number of elements to display - specify number of elements to move the slide - auto mode - previous / next controls